-
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are increasingly exploiting infrastructure-level DNS features to evade modern phishing detection systems. A recent campaign demonstrates how attackers are abusing reverse DNS zones under the .arpa domain together with IPv6 addressing to generate phishing URLs that bypass traditional…
-
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released its latest Android security updates addressing 129 vulnerabilities, including a zero-day flaw affecting Qualcomm graphics components that is reportedly being exploited in targeted attacks. The March Android Security Bulletin highlights the ongoing importance of timely mobile patch…
-
QuickLens Chrome extension steals crypto, shows ClickFix attack
A compromised Google Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was weaponized to deliver malware, conduct cryptocurrency theft, and execute ClickFix-style social engineering attacks against thousands of…
-
CISA: Recently patched RoundCube flaws now exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two recently patched Roundcube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, confirming that both flaws are being actively exploited in the wild. Federal agencies have been ordered to…
-
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are expanding the scope of ClickFix social engineering campaigns by leveraging DNS infrastructure to deliver malware, marking the first documented case of DNS being used as a payload delivery channel in this attack framework. The technique represents a…
-
ZeroDayRAT malware grants full access to Android, iOS devices
A newly advertised commercial mobile spyware platform known as ZeroDayRAT is being promoted within cybercriminal communities as a tool capable of delivering full remote access to compromised Android and iOS devices. Marketed via underground channels on Telegram, the malware exemplifies…
-
Exposed MongoDB instances still targeted in data extortion attacks
Exposed MongoDB instances continue to be actively targeted in automated data extortion campaigns, with attackers demanding relatively small Bitcoin ransoms in exchange for alleged data restoration. Despite years of warnings and prior large-scale incidents, misconfigured databases remain a persistent and…
-
Hugging Face abused to spread thousands of Android malware variants
A large-scale Android malware campaign has been uncovered that abuses Hugging Face as a distribution channel for thousands of malicious APK variants designed to steal credentials from popular financial and payment services. The operation highlights how trusted developer platforms are…
-
Hackers exploit critical telnetd auth bypass flaw to get root
An authentication bypass vulnerability in SmarterTools’ SmarterMail email server is now being actively exploited, allowing attackers to reset administrator passwords and take full control of affected systems. The flaw enables unauthenticated threat actors to hijack admin accounts and achieve complete…
Must-Read Posts
- ‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
- Adidas warns of data breach after customer service provider hack
- AI Cuts vCISO Workload by 68% as Demand Skyrockets, New Report Finds
- AI in Cybersecurity: Revolutionizing Defense Against Emerging Threats
- Android gets patches for Qualcomm zero-day exploited in attacks
